Exchange 365 and Directory Sync Fail number 2

You can feel free to keep running that internal Exchange server folks:
If you implement a single sign-on solution, we strongly recommend that you maintain at least one
Exchange server so that you can access Exchange System Manager (Exchange 2003) or the Exchange
Management Console/Exchange Management Shell (Exchange 2007, Exchange 2010, and Exchange 2013) to
manage mail-related attributes on the on-premises mail-enabled users. For Exchange 2007 and Exchange 2010,
the Exchange server that you maintain should have the Hub Transport, Client Access, and Mailbox server
roles installed.

Role over - http://technet.microsoft.com/en-us/library/jj874016(v=exchg.150).aspx

Of course, that directly contradicts the migration article:
Step 5   Implement a single sign-on solution (optional)
After all mailboxes are migrated to the cloud, you can implement a single sign-on solution to enable users to use their
on-premises Active Directory credentials (username and password) to access their Office 365 mailboxes and existing
on-premises resources. You implement a single sign-on solution by deploying Active Directory Federation Services (AD FS)
2.0 (AD FS 2.0). For more information, see Cutover Exchange Migration and Single Sign-on.

Step 6   Remove your on-premises Exchange organization (optional)
After you’ve verified that all email is being routed directly to the cloud-based mailboxes, completed the migration, and
no longer need to maintain your on-premises email organization or don’t plan on implementing a single sign-on solution, you
can uninstall Exchange from your servers and remove your on-premises Exchange organization. For more information,
see the following:

See the following, you betcha: http://technet.microsoft.com/en-us/library/jj159539.aspx

Here are the bits that MS says get synched:
Table 1: Attributes that are synced from the on-premises Active Directory Domain Services (AD DS) to Windows Azure Active Directory (Windows Azure AD)

The following table lists the attributes that are synced from the on-premises AD DS to Windows Azure AD. Be aware that objects must contain values in the following attributes to be considered for sync:
cn
member (applies only to groups)
samAccountName (applies only to users)
alias (applies only to groups and contacts)
displayName (for groups with a mail or proxyAddresses attribute populated)

Synced object attribute	User	Group	Contact (Src)	Description
assistant	Read	-	Read	The name of the assistant for an account.
authOrig	Read	Read	Read	Relationship that indicates that the mailbox for the target object is authorized to send mail to the source object.
C	-	-	Read	Two-letter ISO 3166 [ISO3166] country code.
cn	Read	Read	Read	
co	Read	-	Read	The country/region in which the person (user or contact) or company is located.
company	Read	-	Read	The person's (user or contact) company name.
countryCode	Read	-	Read	The country code for person's (user or contact) language of choice.
department	Read	-	Read	The name of the person's (user or contact) department.
description	Read	Read	Read	Human-readable descriptive phrases about the object.
displayName	Read	Read	Read	The display name for an object, usually the combination of the person's first name, middle initial, and last name.
dLMemRejectPerms	Read	Read	Read	Relationship that indicates that members of the target object are not authorized to send mail to the source object.
dLMemSubmitPerms	Read	Read	Read	Relationship that indicates that members of the target object are authorized to send mail to the source object.
ExtensionAttribute1	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute10	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute11	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute12	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute13	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute14	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute15	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute2	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute3	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute4	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute5	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute6	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute7	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute8	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
ExtensionAttribute9	Read	Read	Read	Custom attribute that is defined in the customer on-premises directory.
facsimiletelephonenumber	Read	-	Read	Telephone numbers (and, optionally, the parameters) for facsimile terminals.
givenName	Read	-	Read	Name strings that are the part of a person's (user or contact) name that is not their surname.
GroupType	-	Read	-	
hideDLMembership	-	Read	-	Hide the membership list on a distribution list from senders.
homephone	Read	-	Read	The person's (user or contact) main home telephone number.
info	Read	Read	Read	
Initials	Read	-	Read	Strings of initials of some or all of an individual's names, except the surname(s).
ipPhone	Read	-	Read	The TCP/IP address for the telephone.
l	Read	-	Read	Names of a locality or place, such as a city, county, or other geographic region.
legacyExchangeDN	Read	Read	Read	
mail	Read	Read	Read	The list of email addresses for a person (user or contact).
mailnickname	Read	Read	Read	
managedBy	-	Read	-	Resource/owner relationship, where the source object (a group) is the resource, and the target object is the owner.
manager	Read	-	Read	Manager/direct report relationship between two individuals, where the source object is the direct report, and the target object is the manager.
member	-	Read	-	Membership of the target object (of class User, Contact, or Group) in the group that is identified as the source object.
middleName	Read	-	Read	Additional names for a person (user or contact), for example, middle name, patronymic, matronymic, or other names.
mobile	Read	-	Read	The primary mobile phone number for a person (user or contact).
msDS-HABSeniorityIndex	Read	Read	Read	
msDS-PhoneticDisplayName	Read	Read	Read	
MsExchArchiveGUID	Read	-	-	
MsExchArchiveName	Read	-	-	
msExchArchiveStatus	Read/Write	-	-	Created in the Exchange cloud for "write back" to on-premises when the customer has a cloud archive.
msExchAssistantName	Read	-	Read	The name of the assistant for an account.
msExchAuditAdmin	Read	-	-	
msExchAuditDelegate	Read	-	-	
msExchAuditDelegateAdmin	Read	-	-	
msExchAuditOwner	Read	-	-	
MsExchBlockedSendersHash	Read/Write	-	Read	Populated through an upgrade from Business Productivity Online Standard Suite. Not synced from on-premises.
msExchBypassAudit	Read	-	-	
MsExchBypassModerationFromDLMembersLink	Read	Read	Read	
MsExchBypassModerationLink	Read	Read	Read	
msExchCoManagedByLink	-	Read	-	
msExchDelegateListLink	Read	-	-	
msExchELCExpirySuspensionEnd	Read	-	-	
msExchELCExpirySuspensionStart	Read	-	-	
msExchELCMailboxFlags	Read	-	-	
MsExchEnableModeration	Read	Read	-	
msExchExtensionCustomAttribute1	Read	Read	Read	
msExchExtensionCustomAttribute2	Read	Read	Read	
msExchExtensionCustomAttribute3	Read	Read	Read	
msExchExtensionCustomAttribute4	Read	Read	Read	
msExchExtensionCustomAttribute5	Read	Read	Read	
MsExchGroupDepartRestriction	-	Read	-	
MsExchGroupJoinRestriction	-	Read	-	
msExchHideFromAddressLists	Read	Read	Read	Indicator to control the visibility of a mail recipient for name resolution.
MsExchImmutableID	Read	-	-	
msExchLitigationHoldDate	Read	Read	Read	
msExchLitigationHoldOwner	Read	Read	Read	
MsExchMailboxGuid	Read	-	-	The GUID of the user’s mailbox.
msExchMailboxAuditEnable	Read	-	-	
msExchMailboxAuditLogAgeLimit	Read	-	-	
MsExchModeratedByLink	Read	Read	Read	
MsExchModerationFlags	Read	Read	Read	
MsExchRecipientDisplayType	Read	Read	Read	
msExchRecipientTypeDetails	Read	Read	Read	
MsExchRemoteRecipientType	Read	-	-	
msExchRequireAuthToSendTo	Read	Read	Read	When enabled for a distribution list (DL), unauthenticated users are rejected.
MsExchResourceCapacity	Read	-	-	
MsExchResourceDisplay	Read	-	-	
MsExchResourceMetaData	Read	-	-	
MsExchResourceSearchProperties	Read	-	-	
msExchRetentionComment	Read	Read	Read	
msExchRetentionURL	Read	Read	Read	
MsExchSafeRecipientsHash	Read/Write	-	Read	Populated through an upgrade from Business Productivity Online Standard Suite. Not synced from on-premises.
MsExchSafeSendersHash	Read/Write	-	Read	Populated through an upgrade from Business Productivity Online Standard Suite. Not synced from on-premises.
MsExchSenderHintTranslations	Read	Read	Read	
msExchTeamMailboxExpiration	Read	-	-	
msExchTeamMailboxOwners	Read	-	-	
msExchTeamMailboxSharePointLinkedBy	Read	-	-	
msExchTeamMailboxSharePointUrl	Read	-	-	
msExchUCVoiceMailSettings	Read/Write	-	-	
msExchUsageLocation	Read	-	-	
msExchUserHoldPolicies	Read/Write	-	-	Litigation Hold allows cloud services to determine which users are under Litigation Hold
msOrg-IsOrganizational	-	Read	-	
msRTCSIP-ApplicationOptions	Read	-	-	
msRTCSIP-DeploymentLocator	Read	-	Read	Fully qualified DNS name of the Microsoft Lync Server 2010 deployment, as specified in the authoritative (customer, on-premises) directory.
msRTCSIP-Line	Read	-	Read	The device ID (either the Session Initiation Protocol (SIP) uniform resource identifier (URI) or the TEL URI) of the telephone that the user controls.
msRTCSIP-OwnerUrn	Read	-	-	
msRTCSIP-PrimaryUserAddress	Read	-	Read	SIP URI for instant messaging, as specified in the authoritative (customer, on-premises) directory.
msRTCSIP-UserEnabled	Read	-	Read	Indicates whether the user is currently enabled for SIP instant messaging, as specified in the authoritative (customer, on-premises) directory.
msRTCSIP-OptionFlags	Read	-	Read	
objectGUID	Read	Read	Read	Key for the object: this key is immutable, even if the object moves from one context to another, for example, as a result of a company merge or split.
oOFReplyToOriginator	-	Read	-	Governs whether out-of-office notifications should be sent to a sender of a message to this distribution list (DL).
otherFacsimileTelephone	Read	-	Read	A list of alternative facsimile numbers.
otherHomePhone	Read	-	Read	A list of alternative home telephone numbers.
otherIpPhone	Read	-	Read	A list of alternative TCP/IP addresses for the telephone.
otherMobile	Read	-	Read	A list of alternative mobile phone numbers.
otherPager	Read	-	Read	A list of alternative pager numbers.
otherTelephone	Read	-	Read	A list of alternative office telephone numbers.
pager	Read	-	Read	The primary pager number.
photo	Read	-	-	
physicalDeliveryOfficeName	Read	-	Read	Names that a postal service uses to identify a post office.
postalCode	Read	-	Read	Codes that a postal service uses to identify postal service zones.
postOfficeBox	Read	-	Read	Postal box identifiers that a postal service uses when a customer arranges to receive mail at a box on the premises of the postal service.
PreferredLanguage	Read	-	-	The preferred written or spoken language for a user.
proxyAddresses	Read/Write	Read/Write	Read/Write	The address by which a Microsoft Exchange Server recipient object is recognized in a foreign mail system.
PublicDelegates	Read/Write	Read	Read	Cross-premises public delegation: allows users to specify delegates for their mailbox.
reportToOriginator	-	Read	-	Governs whether to send delivery reports to the message originator when a message that is sent to a group is not delivered. The delivery report lets the group owner know that the message was not delivered.
ReportToOwner	-	Read	-	
samAccountName	Read	-	-	
sn	Read	-	Read	Name strings for the family names of a person (user or contact).
st	Read	-	Read	The full names of states or provinces.
streetAddress	Read	-	Read	The person's (user or contact) address.
targetAddress	Read	-	Read	The destination address for the person (user or contact).
TelephoneAssistant	Read	-	Read	
telephoneNumber	Read	-	Read	Telephone numbers that comply with the ITU Recommendation E.123.
thumbnailphoto	Read	-	Read	Person's photo; 10 KB maximum size limit.
title	Read	-	Read	The title of a person (user or contact) in the person's organizational context.
unauthOrig	Read	Read	Read	Relationship that indicates that the mailbox for the target object is not authorized to send mail to the source object.
url	Read	-	Read	The list of alternative web pages.
userAccountControl	Read	-	-	
UserPrincipalName	Read	Read	-	The user principal name (UPN) that is an Internet-style logon name for a user, as specified in RFC 822.
wWWHomePage	Read	-	Read	The primary web page.

Credit for that pile of LDAP goes to this link: http://support.microsoft.com/kb/2256198
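Two things in that table matter to whoever owns the on-premises directory: the list of attributes an object must populate before DirSync will even consider it (cn, member, samAccountName, alias, and displayName for mail-enabled groups), and the handful of Read/Write columns, which are the attributes the cloud side can write back into on-premises AD rather than merely read. The script below is an added example, not Microsoft's tooling or anything from the KB article: it parses a subset of the table in the same tab-separated layout, reads an LDIF export of the kind ldifde produces, and reports per object whether it is sync-eligible, which attributes would leave the premises (extensionAttributes and thumbnailPhoto are the usual surprises), and which of those are write-back paths. Both inputs are constructed for the example, and the KB's "alias" is assumed here to mean the LDAP attribute mailNickname, since no attribute literally named alias exists in AD.

```python
"""Audit an LDIF export of on-premises AD objects against the DirSync attribute table.

Added example, not Microsoft's tooling. Both inputs below are constructed: SYNC_TABLE is a
subset of the synced-attribute table in the same tab-separated layout as the page, and
SAMPLE_LDIF is a hand-written sample of the kind of export ldifde produces.
"""

CLASSES = ("user", "group", "contact")

SYNC_TABLE = """\
cn\tRead\tRead\tRead\t
displayName\tRead\tRead\tRead\tThe display name for an object.
mail\tRead\tRead\tRead\tThe list of email addresses.
member\t-\tRead\t-\tMembership of the target object.
samAccountName\tRead\t-\t-\t
mailnickname\tRead\tRead\tRead\t
ExtensionAttribute1\tRead\tRead\tRead\tCustom attribute.
proxyAddresses\tRead/Write\tRead/Write\tRead/Write\tForeign-system addresses.
msExchArchiveStatus\tRead/Write\t-\t-\tCloud write-back when the customer has a cloud archive.
thumbnailphoto\tRead\t-\tRead\tPerson's photo; 10 KB maximum size limit.
userAccountControl\tRead\t-\t-\t
"""

SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=corp,DC=example
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Alice Example
sAMAccountName: alice
proxyAddresses: SMTP:alice@corp.example
extensionAttribute1: CostCentre-4711
thumbnailPhoto:: /9j/4AAQSkZJRgABAQAAAQABAAD/2wBD

dn: CN=Sales,OU=Groups,DC=corp,DC=example
objectClass: top
objectClass: group
cn: Sales
mail: sales@corp.example
member: CN=Alice Example,OU=Staff,DC=corp,DC=example
"""

# Attributes an object must have populated to be considered for sync (from the page).
# "alias" has no LDAP attribute of that name; it is taken here to be mailNickname (assumption).
REQUIRED = {
    "user": ("cn", "samaccountname"),
    "group": ("cn", "member", "mailnickname"),
    "contact": ("cn", "mailnickname"),
}


def parse_sync_table(text):
    """Map lowercase attribute name -> {object class: 'Read' | 'Read/Write'}."""
    rules = {}
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) < 4:
            continue
        per_class = {cls: mode.strip() for cls, mode in zip(CLASSES, cols[1:4])
                     if mode.strip() != "-"}
        rules[cols[0].strip().lower()] = per_class
    return rules


def parse_ldif(text):
    """Minimal LDIF reader: list of {lowercase attribute: [values]} per entry."""
    entries, cur, last_key = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last_key:          # folded continuation line
            cur[last_key][-1] += raw[1:]
        elif not raw.strip():                         # blank line ends an entry
            if cur:
                entries.append(cur)
            cur, last_key = {}, None
        elif not raw.startswith("#"):
            key, _, value = raw.partition(":")
            last_key = key.strip().lower()
            # "attr:: base64" marks a base64 value; the marker is stripped, value kept as-is
            cur.setdefault(last_key, []).append(value.lstrip(": "))
    if cur:
        entries.append(cur)
    return entries


def object_class(entry):
    """Pick the sync-relevant class; contact is checked before user because both carry 'person'."""
    classes = {v.lower() for v in entry.get("objectclass", [])}
    for cls in ("group", "contact", "user"):
        if cls in classes:
            return cls
    return None


def audit(entry, rules):
    """Report eligibility, the attributes DirSync would read, and the cloud write-back paths."""
    cls = object_class(entry)
    if cls is None:
        return {"class": None, "eligible": False, "missing": ["unsupported objectClass"],
                "synced": [], "writeback": []}
    missing = [a for a in REQUIRED[cls] if not entry.get(a)]
    # a mail-enabled group additionally needs displayName (per the page's note)
    if cls == "group" and (entry.get("mail") or entry.get("proxyaddresses")) \
            and not entry.get("displayname"):
        missing.append("displayname")
    synced = sorted(a for a in entry if a in rules and cls in rules[a])
    writeback = [a for a in synced if rules[a][cls] == "Read/Write"]
    return {"class": cls, "eligible": not missing, "missing": missing,
            "synced": synced, "writeback": writeback}


def run_audit(table=SYNC_TABLE, ldif=SAMPLE_LDIF):
    """Audit every entry in the export; returns (dn, report) pairs."""
    rules = parse_sync_table(table)
    return [(e["dn"][0], audit(e, rules)) for e in parse_ldif(ldif)]


if __name__ == "__main__":
    for dn, report in run_audit():
        print(dn, report)
```

Against a real export, point `run_audit` at the full KB table and an `ldifde` dump of the OUs you intend to sync; the objects that come back ineligible are the ones the migration article's "optional" Exchange removal would leave you unable to fix without Exchange tools, and the write-back column is the list of on-premises attributes whose values you no longer fully control once the cloud side can write them.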
